Authenticator centralization and protection

ABSTRACT

Provided is a method for authenticating a user communicating with an enterprise via a network. The method includes receiving, via the network, authenticators for a user from a first user device associated with the user, and storing the received authenticators. A first authenticator from the stored authenticators is selected to be used for authenticating the user based on an authentication policy received from the enterprise. An authentication request is transmitted to a user device requesting the first authenticator and the user is authentication by by comparing the received authenticator with the stored first authenticator.

CROSS-REFERENCE TO RELATED APPLICATION

This application is a continuation of U.S. Nonprovisional applicationSer. No. 16/115,281, filed Aug. 28, 2018, entitled “AuthenticatorCentralization and Protection,” which is a continuation application ofU.S. Nonprovisional application Ser. No. 15/269,287, filed Sep. 19,2016, now U.S. Pat. No. 10,084,782, entitled “AuthenticatorCentralization and Protection,” which claims priority to U.S.Provisional Application No. 62/221,435, filed Sep. 21, 2015, entitled“Authenticator Centralization and Protection,” the disclosures of whichare incorporated by reference herein in their entireties.

TECHNICAL FIELD

This invention relates to security and privacy. More particularly itrelates to authentication and/or authorization performed via acommunications network based on user credentials and/or otherauthenticators.

BACKGROUND

1. Authentication and Identification

User authentication techniques, such as those relying on conventionalpasswords, one time passwords (OTPs), or hardware or softwaresmartcards, etc., have all too often proven to be either too weak andsusceptible to attacks, such as man in the middle (MITM) or man in thebrowser (MITB) attacks, or too cumbersome and expensive. The use ofsingle sign on techniques such as OpenID, FaceBook Connect, etc., onlymake the problem worse, as once the attacker has compromised the masteraccount, the attacker can access all other accounts that rely on theinitial login. Further, the focus of attackers has shifted from tryingto break the login process to using sophisticated techniques to come inafter the user has logged-in and attacking transactions as they arebeing performed. This has made transaction authentication, the act ofconfirming if the transaction seen at the back end web server isidentical to that intended by the user, even more important.

When considering authentication, one must necessarily consideridentification. An important concept when considering identification isthat each one us is a single person—a single carbon based unit. We haveone identity in reality, but in the digital world we tend to havemultiple digital representations of identity with multiple enterprises—aFacebook™ identity, an Amazon™ identity, multiple banking identities(mortgage, savings account, etc.), and so on. So each of us has multipledigital identities and each of these enterprises has a responsibility tomanage these identities and to verify that the users of their system arethe correct intended user. Additionally, different enterprises havedifferent responsibilities. Banks and other financial institutions, forexample, have a regulatory responsibility—to know their customers. Theyare required to a certain degree to know that you are correctlyidentified. Other enterprises, such as Facebook™, are not so muchconcerned with your identity for regulatory purposes, but because theywant to share your information with other users—their need to identifyis different. So each of these enterprises has a different set of whatis essentially identity attributes about you in their database and theyuse these attributes of your identity to verify that you are who you sayyou are when you use the services provided by the enterprise.

It is common for most enterprises to require that a user select a username and password, often referred to as user credentials, at the timethe user establishes a relationship with the enterprise. These areshared secrets for subsequent use by the enterprise to verify you arewho you say you are when accessing the enterprise website. However,banks and other financial institutions may require more. Theseinstitutions often require additional credentials, such as a socialsecurity number or some other personal information. That is, banks andother financial institutions typically subject you to more carefulexamination or scrutiny by requesting other identity relatedinformation, which are also often referred to as user credentials, whenyou initially establish a relationship with the institution, butthereafter rely primarily on your user name and password, and onlysecondarily on such other identity related information, to verify thatyou are who you say you are, i.e. to verify your identity, whenaccessing the institution's website.

Enterprises can also utilize information about what you possess (acredit card, a key, a token, etc.) to verify your identity. A bankissues you a credit or debit card, and can ask for the account numberand other information associated with the card, to verify you stillpossess it. Some cards and tokens have computing capabilities built-in,and can generate unique values when challenged. Those knowledgeable inthe art know that this often comes in the form of sending a random valueto the token, and the token then cryptographically signs that randomvalue using a private key stored on the token. When the token wasissued, the matching public key was stored in association with theidentity information of the user who was issued the token. When a tokenis challenged, the challenger can cryptographically verify which privatekey was used to sign the random value, and therefore verify the websitevisitor has possession, in real-time, of the token. By association then,the website could assume the visitor is the same person who was issuedthe token. A thief could steal the token however and potentially beinappropriately identified.

Thus, each enterprise has digital data that represents the sharedsecrets and/or information about a user that the enterprise uses toverify that specific user's identity. Because most users deal withmultiple enterprises, an individual user is required to have many usernames and passwords, each associated with an established enterpriserelationship. Often, to simply a user's life, they will choose the samepassword or other shared secret for every enterprise.

However, under the models of authentication discussed above, whensecurity is compromised, the identity of the user and the credentialsused to authenticate the user, e.g., passwords, social security number,credit card information, etc., can be stolen and used to impersonate theuser to the enterprise. This is because the identity of the user and theuser's credentials are both maintained by the applicable enterprise. Thecompromise escalates if the same password from the compromisedenterprise can be used to authenticate at a different enterprise.

Therefore, a successful attack on the enterprise can, and indeed has,resulted in not only a breach of the user's credentials, but also of theuser's identity. That is, in a single attack, attackers have been ableto steal not only the user's credentials used for a particularenterprise, but also the user's identity information which theenterprise associates with those credentials. Thus, if someone attacksone enterprise's information, they can get both the user's identity andthe user's credentials, possibly allowing the attacker to impersonatethe user at multiple enterprises, which is a catastrophic loss.

2. Shared User Credentials

Each enterprise requires a different level of trust or confidence in theauthentication of its users. Each has its own policies and criteriaestablished with respect to authentication. In the banking worldauthentication policy and criteria are based on risk management. Whattype of device is the user using? Has the user ever paid this payeebefore? What's the dollar amount of the transaction, etc. Accordingly,if a user wants to move $5000.00, the bank website is going to promptthe user for a different credential, or additional credentials toprovide a higher level of trust for the authentication, than it would ifthe user wanted to move only $10.00.

Additionally, an enterprise may want to utilize various credentials andother authenticators for the authentication and authorization process ina variety of different ways. This means that there is essentially amatrix of possibilities: using different categories of authenticatorsthat represent something you have (i.e. something in your possession),something you know (something within your knowledge), and/or somethingyou are (your biometric). Furthermore, the enterprise may have multiplechoices within each one of those categories. Something you have could bea phone or access to a phone call, or smart card, or token. Somethingyou know could be your mother's maiden name, your password, yourpreselected gesture or pattern, or which picture is the one that youchose when you logged in or when you set up the account. Something youare could be your fingerprint, your voice pattern, your face or someother biometric. Consequently, there are numerous possibleauthenticators that can be used for authentication.

Each type of authenticator has its strengths and weaknesses. Anauthenticator which verifies knowledge, like a password or sharedsecret, costs nothing, can be easily replaced, but must be memorized andcan be stolen. An authenticator which verifies procession, like a key ortoken, does not have to be memorized, can be cryptographicallychallenged, but can be lost or stolen. A biometric authenticatorrequires human interaction to capture a human attribute and thereforeverifies a human is involved, cannot be lost by the user, but requiresspecial equipment to be sampled, and to ensure the sample is from a livehuman to avoid replay or spoofing. That is why high securityapplications usually require use of multiple types of authenticators(also described as multiple factors of authentication).

There are also numerous ways to receive and sample these authenticators.As technology advances, devices evolve and today many users havemultiple different devices, each with different capabilities, and thus,a myriad of potential authenticators at their disposal. The problem isthat each user may utilize multiple different devices at different timesor even at the same time, and different users may utilize differentdevices with different capabilities. Furthermore, users will upgradetheir devices at various times unbeknownst to the enterprise. Thus, itis an arduous task for the banks, and other enterprises, to keep a validprofile for every user—it is a challenge for every user to continuouslyinform each enterprise of their new/upgraded devices, its capabilities,and thus, the potential authenticators available for authenticating theuser.

3. Usage Of Wireless Credential Devices—Access & Emulation

Today, if you look at certain credit cards, subway cards or otherpayment cards that can be used to pay for products or services, you willsee a symbol that looks like a speaker. That symbol indicates that thecard supports Near Field Communications (NFC), which are commonlyreferred to as NFC readable devices. Such NFC readable cards can betapped on a NFC enabled point-of-sale (POS) terminal, and the POSterminal will read the desired information (e.g. credit card number andexpiration date, or value remaining on a subway card etc.) off the cardwirelessly. Additionally, smartphones are now enabled with NFCcapabilities—they can act as an NFC readable device and can also readNFC readable devices. Accordingly, if you have an NFC enabledsmartphone, you can tap an NFC readable card on your phone, the phone,like a POS terminal, can read it wirelessly. NFC enabled devices,including NFC enabled POS terminals and smartphones, are sometimesreferred to as NFC readers. Thus, with NFC readable cards it is nolonger necessary for the user to copy the information from the card intoa website purchase form, or to physically insert the card into a POSterminal or to swipe the card's magnetic stripe. Instead, all that isrequired is that the card be tapped against an NFC reader and the NFCreader communicates wirelessly with the card to gather the desiredinformation from the card.

Additionally, authentication tokens, such as RSA secure ID tokens, arein common usage, with some banks offering these tokens to their end usercustomers—typically high valued end user customers. In order to convincea customer to utilize such tokens, the bank might say to the end user,if you really want to protect your high dollar account, we will send youone of these tokens and you will have to use it to log-in in order toaccess your account. These authentication tokens can be wirelesslyreadable as well, via many different wireless communication methods likeNFC, BLE (Bluetooth Low Energy), and others available now or in thefuture. Thus, it would be beneficial if the expanding usage of thesewirelessly readable devices in concert with smartphones and otherdevices could somehow be utilized to provide even strongerauthentication and verification. These devices are also referred toherein as low energy wireless devices—they do not require much energyand must be proximate to the device with which they are communicating.

Further, it should be noted that encoded information can also betransmitted and received using mobile cameras and microphones. Forexample, a mobile device can be used to scan a QR code using the camerafeature. Additionally, the microphone can also be utilized to pickupencoded audio that can be decoded later to provide information.

4. Attestations, Relationship Information, and Digital Currency

Conventionally, to prove your age you present some sort of credentialthat has been issued by a trusted third party—e.g. a driver's licenseissued by a Government Department of Motor Vehicles (DMV) or a passportissued by the United States Government. To prove you have credit, youmight show proof that you have an account established with a bank—e.g.show a bank credit card. The proof you provide is typically some type ofphysical documentation, sometime in the form of a card, issued by atrusted third party. This requires that you carry a physical credentialwith you to present as a form of attestation. Attestations may berequired not only for the purposes referred to above, but for any numberof other purposes including to verify your residence, your citizenship,and your employment.

However, there are issues with the use of physical credentials asattestations. For one, these physical credentials often containadditional information which is unnecessary for the required attestationand is information you wish to keep private. Accordingly, when requiredto prove your age, you may not wish to divulge your residential addressor your name. However, when providing a driver's license to attest tothe fact that you are over 21 years old, you are necessarily alsodivulging your name and address because this information is alsoincluded on your driver's license, but this information is entirelyunnecessary to prove your age. Additionally, if a physical credential islost or stolen another can obtain all the information contained thereonand you can lose this privacy.

Thus, it would be beneficial if users could somehow provide attestationsfor various purposes without the need to carry and present physicalcredentials.

Relationship information is information that is pertinent to arelationship between two parties. For example, relationship informationmay include preferred customer information for a relationship between aparticular purchaser (who is also referred to as a user) and aparticular merchant (which is also referred to as an enterprise). If,for instance, the purchaser has spent above a certain threshold amountwith the merchant, the merchant may issue a coupon to the purchaser goodfor a discount on a future purchase. While this may be issued in theform of a physical coupon or card to be held by the purchaser - theinformation shown on the physical coupon or card may actually bemaintained by the merchant in electronic form for the purchaser to useat their discretion until the coupon expires.

Here also, it would be beneficial if users could somehow providecoupons, preferred customer cards and other user-enterprise relationalinformation without the need to carry and present physical coupons,preferred customer cards or other user-enterprise relational informationin physical form.

Relationship information also includes digital currency, e.g., bitcoins.With digital currency, possession of the digital currency is necessary.That is, those who possess the digital currency own it. In this regard,the digital currency is similar to cash. There is no other protectionavailable. The person in possession of the digital currency is free touse it. People lose bitcoins—they have been stolen from online exchangesand wallets. Consequently, there is a need for additional security toprotect owners of digital currencies.

SUMMARY

According to certain aspects of the invention, a user transacting withan enterprise can be authenticated using credentials enrolled with athird party authentication service. The enterprise need only know theuser's identity. That is, the enterprise is not required to generate,store and securely maintain the user's credentials, which can be stolenif the enterprise's information systems are subjected to a securitybreach. The authentication service, on other hand, need not know theuser's true identity. Rather, the authentication service can associatethe user's credentials with a particular device by generating arelationship between the enterprise and the user's device. Accordingly,the true identity of the user and the user's credentials are neverstored in the same location. This prevents an attacker from getting boththe credentials and the user's identity as the result of a successfulattack, rendering the obtained information essentially useless.

According to another aspect, by centralizing the user's credentials in asingle point, the authentication service, the credentials need not bestored with every enterprise or entity intending to use thosecredentials to authenticate the user. Consequently, the chances of ahaving an attacker obtain those credentials through an attack can befurther reduced. Another benefit of this centralization is that the userneed not update their credentials with every enterprise with whom theyengage. Rather, the user need only update their credentials with theauthentication service and the enterprise can utilize those credentialsby sending a request for authentication to the authentication servicewith a policy on the authentication so that the authentication servicecan select the proper credential for authenticating the user.

One manner of implementing these aspects includes receiving thecredentials or authenticators for a user from a user device associatedwith the user storing the received authenticators with theauthentication service. When the user seeks to perform a transactionwith the enterprise, the enterprise sends a request to authenticate theuser with an authentication policy for authenticating the user. Therequest need not identify which of the stored authenticators is to beused for authenticating as the policy can be used by the authenticationservice to determine which authenticator of the stored authenticatorswill be used for authenticating the user. After selecting the preferredauthenticator from those stored and associated with the user device, theauthentication service sends a request to the user device requestingthat the user provide the selected authenticators. After receiving theauthenticator, the authentication service authenticates the user bycomparing the received authenticator to the selected one stored andprovided earlier to the authentication service.

According to another aspect of the invention, the stored authenticatorsinclude a plurality of authenticators including at least two differentauthenticators in different categories of authenticators, the differentcategories including a knowledge category including information known tothe user, a possession category including something physically possessedby the user; and a biometric category identifying physical attributes ofthe user. More preferably, the authenticators will include one or moreof: (i) at least two different authenticators in different categories ofauthenticators, the different categories including at least two of aknowledge category including information known to the user, a possessioncategory including something physically possessed by the user; and abiometric category identifying physical attributes of the user; (ii) atleast two different types of authenticators in a same category ofauthenticators or (iii) at least two different species of authenticatorsof the same type of authenticator.

According to another aspect of the invention, a user may enroll multipledevices with the authentication service to be used for authentication.The different user devices may be capable of providing different formsof authentication. In this case, the user enrolls authenticators from afirst user device associated with the user and also authenticators for asecond user device associated with the user. The authentication servicestores these authenticators with an account identifier or accountidentifiers associated with the user. It is noted that this accountidentifier need not be, and preferably is not associated with the trueidentity of the user. In this case, when the authentication servicereceives a request to authenticate the user with an authenticationpolicy for authenticating the user, the authentication service determinewhich authenticator from the stored authenticators to be used forauthenticating the user based on the authentication policy received fromthe enterprise. Additionally, the authentication service will selectwhich one of the first user device and the second user device to be usefor authenticating the user. The authentication service then transmitsan authentication request to the selected one of the first user deviceand the second user device via the network requesting the authenticatorchosen for authentication. After receiving an authenticator from theuser device in return, the user can be authenticated by comparing thereceived authenticator with the stored authenticator.

Another aspect of the invention relates to establishing multiplerelationships between the entities, including establishing key pairsbetween the various entities to enable encryption and decryptioncapabilities between any two parties of the three party system. Theserelationships can be used in combination with the centralizedauthentication system described above to provide for enhance security.This includes establishing an enterprise account between the enterpriseand the authentication service and identifying this relationship with anenterprise account identifier. A key pair may be generated forencrypting information exchanged between the enterprise and theauthentication service to provide for secure connections between theseentities. Another relationship is also established between the user andthe enterprise, which is identified using a user identifier to identifythe user. Also, a relationship is established between each user deviceand the authentication service and each of these relationships areidentified by a different device identifier. Thus, a particular user mayhave multiple devices set up in the user account. The user enrollsauthenticators through each user device, or a single authenticatoracross multiple devices, depending upon the capabilities of each device,and these enrolled credentials are associated with the user identifierand optionally with the device identifier through which they areenrolled. Additionally, the authentication service generates a key pairand transmits one key to the user device and stores the other key of thekey pair. This may be an asymmetric key pair. These keys are used toencrypt and decrypt information transmitted between the correspondinguser device and the authentication service to ensure securecommunications.

These keys stored at user device may also be protected in many ways,preferably using hardware protection. However, software protection canalso be used, as well as a combination of hardware and softwareprotection.

After establishing these relationships, a relationship may beestablished between the enterprise and a particular user device. Thisrelationship is established using the authentication service. Theauthentication service generates a relationship identifier thatassociates the user device identifier with the enterprise accountidentifier. The relationship identifier is stored and transmitted to theuser device. As a part of this process, the user device generates a keypair, stores one key of the key pair and transmits the other key of thekey pair with the relationship identifier to the enterprise through theauthentication service using the network. The other key is transmittedwith the relationship identifier so that the enterprise knows which keyto use for encrypting/decrypting when communicating with a particularuser device using the authentication service via the network.

It is perhaps worthwhile to emphasize here that it should be understoodthat the term “network” is used herein generically to refer to a digitalcommunications network, where the public Internet, local area networks,or private secure networks are some exemplary types. Many of theimplementations of this invention will utilize a single type of networkfor all communication channels, e.g. the Internet, while otherimplementations can use multiple different network types for differentchannels (for example the “network” may include multiple different typenetworks with one channel provided via a private type network, onanother channel is provided via the Internet). Thus, it will also beunderstood that the invention does not require the various differentcommunication channels to be provided via any particular type of networkor via the same network type. However, describe herein the preferredimplementation uses different secure channels between different pairs ofentities to eliminate single channel compromises and increase thedifficulty of communication channel attacks on the system.

It should also be understood that the method will typically beimplemented by a server having one or more ports through which itcommunicates via the network and the processor with the program logic,typically but not necessarily executable software, to perform asdescribed above. One or more exemplary embodiments may also be embodiedas programmed commands to be executed in various computer means, andthen may be recorded to a computer-readable recording medium. Thecomputer-readable recording medium may include one or more of theprogrammed commands, data files, data structures, or the like. Theprogrammed commands recorded to the computer-readable recording mediummay be particularly designed or configured for one or more embodimentsof the present disclosure or may be well known to one of ordinary skillin the art. Examples of the computer-readable recording medium includemagnetic media including hard disks, magnetic tapes, and floppy disks,optical media including CD-ROMs and DVDs, magneto-optical mediaincluding floptical disks, and a hardware apparatus designed to storeand execute the programmed commands in ROM, RAM, a flash memory, and thelike. Examples of the programmed commands include not only machine codesgenerated by a compiler but also include great codes to be executed in acomputer by using an interpreter. Furthermore, it is understood that oneor more of the above-described elements may be implemented as hardware(e.g., circuitry, at least one processor, memory, data lines, etc.),software, or a combination of hardware and software.

BRIEF DESCRIPTION OF THE DRAWINGS

The above and other objects, features, and advantages of the presentinvention will become more readily apparent from the following detaileddescription of exemplary embodiments of the invention, taken inconjunction with the accompanying drawings, in which:

FIG. 1 shows the main components of an authentication system between auser and an enterprise.

FIG. 2 shows a process for setting up secure relationships within theauthentication system.

FIG. 3 shows a process of a user conducting a transaction with anenterprise using the authentication system of FIG. 1.

FIG. 4 shows a process of a user conducting a transaction with anenterprise using the authentication system in combination with awireless credential.

FIG. 5 shows another process of a user conducting a transaction with anenterprise using the authentication system in combination with awireless credential challenge.

FIG. 6 is a table showing a matrix of authenticators/credentialsenrolled by a user using the authentication system.

FIG. 7 shows a process for selecting authenticators/credentials forverification based on a policy set by the enterprise.

FIG. 8 shows a process of a user using a phone to emulate a dynamicwireless credential to conduct a transaction.

FIG. 9 shows a manner of securely storing key or token in accord with anembodiment of the present application.

FIGS. 10A and 10B show a process for obtaining and providing a thirdparty attestation to an enterprise.

DETAILED DESCRIPTION OF THE INVENTION

Exemplary embodiments will now be described more fully with reference tothe accompanying drawings. The exemplary embodiments, however, may beembodied in many different forms and should not be construed as beinglimited to the embodiments set forth herein; rather, these exemplaryembodiments are provided so that this disclosure will be thorough andcomplete, and will fully convey the concept of the disclosure to thoseskilled in the art. In the drawings, the size of the various componentsmay be exaggerated for clarity. Like reference numerals in the drawingsdenote like elements, and thus their description will be omitted.

I. AUTHENTICATION SYSTEM ARCHITECTURE

1. Independent Channel Concept

One aspect of the invention relates to a system which separates thesecredentials from the identity using an authentication system thatanonymizes the transactions used to authenticate a user. Theauthentication system stores credentials and verifies that the user canpresent those credentials in a repeated way. The greater the number ofidentifiers or credentials for a particular user increases the degree oftrust that the correct person is being authenticated. For example, ifonly a password is used the trust is low, whereas if a password, theidentity of the user's network device (e.g. smartphone), and a user'sbiometric (e.g. fingerprint) imaged or otherwise detected by the phoneare all used, there is a high level of trust and confidence that theperson intended to be authenticated is the person actuallyauthenticated. Thus, even though the authentication system does not knowthe particular identity of the user, it can provide a high level ofconfidence that it has authenticated the person associated with aparticular set of credentials.

According to this aspect of the present invention, all of theauthenticators and devices for a user are aggregated on theauthentication server side in an account without the true identity ofthe user—that is the authenticators and device identifiers are savedanonymously. A particular user may have three different devices and sixdifferent authenticators, which are managed in the authentication serverto enable authentication of the user. However, to the authenticationserver the user is simply a person, i.e. a carbon based unit, whoprovided all of these authenticators, and the authentication server canauthenticate that same person through any of the applicable user networkdevices in the future—without knowing the user's true identity. Toaccomplish this, four bindings are created: one between the applicableuser network device and the authentication service; a second between theuser and the authentication service, where the user's authenticationcredentials are stored; a third binding between a device and its user,as recognized by the authentication service, to an account and identityat an enterprise; and a fourth binding between the enterprise and theauthentication service to provide secure access to the user networkdevice and to request user credential verification.

By anonymously aggregating a user's credentials in an authenticationservice, a person, i.e. a user, now owns his or her credentials. Theenterprises, such as banks, can take advantage of them by utilizing theservices of the authentication service, but they do not own the user'scredentials anymore. The fact that all of this credential information isstored (at the authentication service) separate from the identityinformation (at the enterprise), provides a privacy and securitybarrier, and allows centralized management (creation, revocation,renewal, deletion, upgrading) of the credentials. If the user decides toupgrade his device, to one which now for example allows retinalscanning, a new credential can be created at the authentication serviceonce, and that new credential can be utilized by all enterprises usingthe service. If an attacker hacks into the authentication service, theattacker may gain access to credentials, but does not know which user'sidentity it is associated with. If an attacker hacks into theenterprise, the attacker can get some identity information, but can getno credentials.

The authentication architecture and the process for developing thissystem are described with reference to FIGS. 1 and 2. The figures show aprocess for establishing the secure connections and bindings, with eachcolumn identifying an actor, the vertical direction being a sequence intime and the horizontal showing communications between actors.

An important feature in the present authentication system architectureis the concept of breaking authentication from identification andproviding multiple secure connections. This is important because itprovides for improved privacy and permits anonymizing the transactions.The system is built of three separate and secure communication channelbindings, each binding established between two different entities (theauthentication service 190 and the user device 101, the user device 101and the enterprise 130, and the enterprise 130 and the authenticationservice 190). These bindings are built on secure connections andconfigured such that no single compromise of one link, channel orbinding compromises the entire system. The design is intended towithstand a break into the authentication service 190, without fullybreaking the security model, a break into the enterprise 130 withoutfully breaking the security model, and a compromise to the user device101 without fully breaking the security model.

As shown in FIG. 1, the authentication service 190 is capable ofcommunicating with multiple enterprises 130, 130-2 . . . 130-n. However,for purposes of explanation, this following description is limited to asingle enterprise 130. Additionally, the authentication service 190 andeach enterprise 130 can have relationships with multiple users. Thus,the system described below may be implemented as a shared service orseparately for each enterprise.

In this embodiment, there are three sets of keys, to support threesecure connections, one corresponding to each binding. The first is asecure connection between the enterprise customer and the authenticationservice. In this example, this is a secure connection 160 between acustomer (enterprise 130) and the authentication service (authenticationserver 120). This secure connection 160 could be as simple as SSL or itcould be a mutually authenticated connection.

The second secured connection is created between the independent userdevice 101 and the authentication server 120. This connection may beestablished through, for example, a mobile device using a downloadedapplication or software agent 140. The independent user device 101communicates using a network connection and contains software capable ofexecuting various cryptographic techniques (encryption/decryption). Thisconnection is used to securely communicate to the authentication server120 to enroll and verify user credentials, such as a password, voicebiometric and/or fingerprint, but does require the identity of the user.Thus, the dotted line in FIG. 1 represents a line of privacy. Theauthentication server 120 does not know the true identity of the user,but knows the user is the same human being who enrolled the credentials.When that enrollment to the authentication service gets created, thebinding is establishing between the authentication server 120 and theindependent user device 101. An asymmetric key pair D1 (PK1/PK1′) iscreated 211 with one key PK1 stored 215 on the independent user device101 and the matching key PK1′ stored at the authentication service 190.In this embodiment, the key pair D1 (PK1, PK1′) is created, but neitherof the keys PK1, PK1′ are made public—no certificate authority holds oneof the keys PK1 or PK1′. This key pair is established between theauthentication service 190 and the user device, generated using softwareat the authentication service.

The third secure connection 170 is established between the user device101 and the enterprise 130 using the authentication service 190. Thisconnection is secured using a second asymmetric key pair D2 (PK2/PK2′)established between the user device 101 and the enterprise 130. This keypair D2 is generated by the user device 101, and one key PK2 is storedon the independent user device, and the matching key PK2′ is stored atthe enterprise, and associated with the user and the associated device.

FIGS. 1-2 show a system and process for establishing and using anauthentication system in accord with a first embodiment.

First, the process for establishing a relationship 290 between theenterprise 130 and the authentication service 190 is described, followedby the process for establishing a relationship 291 between the user/userdevice 101 and the authentication service 190. It is noted that therelationships between the user/user device 101 and the authenticationservice 190, and the relationship between the enterprise 130 and theauthentication service 190 need not be established in the order shown inFIG. 2. That is, the enterprise 130/authentication service 190relationship 290 may be established before or after the relationship 291established between the user/user device 101 and the authenticationservice 190 (as shown in FIG. 2).

The user first downloads 201 a software agent 140 to the user device101. This software agent may be an app downloaded from an applicationstore or embodied in some other manner. The software agent is providedby the authentication service 190, but may be provided from anothersource, such as the enterprise. The software agent on the user device101, creates 211 an asymmetric key pair D1 (PK1/PK1′). One key PK1′ istransmitted to 212 and stored 213 at the authentication server (forexample in the DB 131), and the matching key PK1 is stored 215 in theuser device 101. The user agent also sends other information including adevice ID (DEV-ID) to the authentication server 120 to register thedevice. This device ID identifies the device and the specific downloadedsoftware running on the device to allow the specific device to beaddressed and later receive communications from an enterprise.Preferably, this device ID is tightly bound to the specific hardwaredevice. The goal is to create a device ID that is not clone-able and asimmutable as possible. The authentication service 190 creates an accountID (A-ID) for the user and stores 205 the account with the device IDcorresponding to the user device 101 at the server, for example in thedatabase 121. If this is the first time the user has utilized theauthentication service from any device, as part of this deviceregistration process, the authentication service 190 also requests thatthe user enroll credentials 207. The credentials are used forauthentication of the human being (not the device) and may include,biometric authenticators (B) (for example, fingerprint, voice, facialrecognition), possession authenticators (P) (for example, mobile phone,NFC smart card, Bluetooth device) and knowledge based authenticators (K)(for example, passwords, patterns, social security number). Thesecredentials are collected though the device 101 and the user can selectwhich credentials to enroll based on the device capabilities and theuser's preference. For example, the user may provide a fingerprintsample, voice sample or facial recognition sample by collecting thesecredentials using the device 101. These credential samples are thentransmitted to 208 back to the authentication service 190 and stored 209in association with the account ID.

In some instances, the user device 101 may not be configured to transmitcertain credentials to the authentication service 190. For example, asmartphone may be configured to sample a fingerprint and verify thatthis fingerprint belongs to the user of the smart phone, but in view ofsecurity concerns, the smartphone may not transmit the fingerprintattributes. In this instance, the credential relating to the fingerprintbiometric may merely be stored in a manner to indicate that user device101 is capable of obtaining and verifying a fingerprint sample. Whenverifying the user credential of the fingerprint during anauthentication process the user device 101 with would then just transmita message indicating, “fingerprint verified”, back to the authenticationservice 190. This message would preferably be timestamped and digitallysigned be a device key (such as PK1) to avoid replay attacks.

Next, the establishment of a relationship between the enterprise 130 andthe authentication service 190 is described. The exact nature of therelationship establishment is not directly pertinent to this invention.What is important is the authentication service 190 sets up an accountand stores 220 an account ID (2P ACCT) for each enterprise 130 in a waythat the authentication service can ensure secure communications to andfrom the enterprise, and it can verify the enterprise account whenreceiving communications over the secure communications channel. Forexample, server side SSL or mutually authenticated SSL can be utilizedbetween enterprise 130 and the authentication service 190 to implementsuch a secured channel.

Establishment of the third relationship, the relationship between theuser/user device 101 and the enterprise 130, is described. One exampleof how such a relationship is established is the user goes to theenterprise 130 website to perform a transaction. The enterprise having arelationship with the authentication service, may inquire whether theuser wishes to use the authentication service 190, or may require thatthe user use the authentication service 190 to perform certaintransactions. The user then indicates the desire to create arelationship 225 with the enterprise 130 using the authenticationservice 190. At this point, it is not clear to the enterprise 130whether the user has a relationship with the authentication service 190.Consequently, the enterprise 130 may query the user to determine if theyhave a device setup with the software agent. If not, the enterprise 130can direct the user to establish a relationship using the relationshipprocess 291

Prior to setting up a relationship with the user via the authenticationservice, it is important that the enterprise have confidence that theuser meets the enterprises requirements for identity. The authenticationservice will verify it is the same human being, and the enterprise mustverify the human matches their stored identity. It is left up to theenterprise to perform whatever due diligence is necessary, either atthis point=immediately prior to the authentication service verifying thehuman, or immediately after.

When it is established that user has a device 101 setup with thesoftware agent and intends to establish a relationship with theenterprise 130, the enterprise 130 queries the authentication service190 for some type of one-time code (OTC) 227. As a part of this query,the enterprise can optionally specify which authentication credentialsit requires the authentication service to utilize to authenticate theuser. The method the enterprise uses to specify which credentials mustbe used can be at any level of credential specification (category, type,attribute, or any combination). If the enterprise specification is notdistinct, the authentication service will provide any missing details todistinctly determine the credential to utilize, based on theauthentications service's knowledge of what the device is capable of andwhich credentials the authentication service believes are best.

The authentication service 190 then generates the one-time code, whichis typically globally unique number, and transmits 229 the one-time code227 to the enterprise 130. The enterprise 130 receives the one-time codeand provides it to the user 231 through its website or some othermethod. For example, the one-time code may be sent via SMS to the useror displayed on the webpage of the enterprise to be seen by the user.The one-time code may be sent or displayed as a user readable code, suchas a number, to be entered by the user into the device 101, or sent ordisplayed as a device readable code (such as a QR code) to be capturedvia a camera or scanner within the device 101. To optionallyauthenticate the user who is inputting the OTC, the software agent onthe device can perform authentication of the user based on theauthentication credentials selected by the enterprise as part of the OTCquery. These optional authentication samples, possible localauthentication verification results, along with the OTC and the DEV-IDare then sent 235 by the software agent on the user device 101 over thesecure channel 180 to the authentication server where the authenticationservice can verify the user and determine which enterprise requestedthis specific OTC. The purpose of this process is to have some sort ofOTC associated with one enterprise, be input into the user device 101,in conjunction with optional user authentication, to provide a method tolink the user and the device 101 to the enterprise 130.

Once this link is established, the authentication service 190 generatesand stores 237 a relationship ID (REL-ID) that associates the device IDand user account (A-ID) of the user device 101 with the account ID (2PACCT) of the enterprise 130. The authentication service 190 then pushesthe relationship ID 239 to the device 101 through the secure connection180. The user device 101, using the software agent, generates anasymmetric key pair D2 (PK2, PK2′), stores one key (PK2) 241, andtransmits the other key (PK2′) 243 over the secure connection 180 to theauthentication service 190. The authentication service 190 does notstore the other key PK2′, but transmits 245 PK2′ with the relationshipID (REL-ID) to the enterprise 130 over the secure connection 160. Theenterprise 130 stores 247 the key PK2′ with the relationship ID(REL-ID). This will be used to decrypt encrypted messages sent by theuser device 101—decrypt [encrypt [message] PK2] PK2′. This key pairenables the user device 101 and the enterprise 130 to send and receiveencrypted messages between one another without permitting theauthentication service 190 to decrypt these messages, thus providingenhanced security.

Once this secure communications channel 170 is established between thedevice and the enterprise, this is a second opportunity for theenterprise to verify the user's identity prior to trusting therelationship ID is truly bound to its user identity. If part of theidentity information the enterprise can utilize for identityverification is of type possession, such as a wireless readablecredential, the enterprise can attempt to read that credential whilethis device—enterprise secure connection 170 is established. Toaccomplish this, the enterprise can send a request to the authenticationservice over communications channel 160 to read a wireless credentialvia device 101, along with an encrypted message over securecommunications channel 170 to be displayed on device 101, asking theuser to present their credential so the device can read it. The softwareagent can utilize whatever wireless communications capabilities thedevice has to offer to read the wireless credential in the possession ofthe user, and transmit the contents of such credential back to theenterprise over the secure communications channel 170. The enterprisecan then verify the content is as expected from its identityinformation, which then provides the enterprise more trust that therelationship ID truly matches the identity.

Thus, three secure connections are established. One secure connection isestablished between the user device 101 and the authentication service190 over secure connection 180 using key pair D1. Another secureconnection is established between enterprise 130 and the authenticationservice 190 over secure connection 160 using single or mutual SSL. Thethird secure connection is established between user device 101 andenterprise 130 over secure connection 170 using a key pair D2.

While the security established between the different channels isdescribed using key pairs above, it is noted that different methods ofproviding secure channels may be used, those different methods providingsecure communications may have a greater degree or lesser degree ofsecurity than the secure connections described above.

2. Separation of Identity and Privacy

Another aspect of this embodiment is the separation of authenticationcredentials and identity. If the identity and the credentials of a userare stolen, it is easy to emulate the user. By contrast, a user'scredentials have virtually no value without the identity of the user.The dotted line in FIG. 1 represents this separation. The authenticationservice 190 knows the independent user device 101 via a device ID and itenrolls and stores the user credentials used to verify the user, butdoes not know the true identity of the person enrolling thosecredentials. The authentication service 190 associates those credentialswith an account ID (A-ID) for the user associated with the user device101. On the other hand, while the enterprise 130 is aware of who theuser identity is, because they use the authentication service 190 toverify the user's credentials, the enterprise 120 is separated from thecredentials used to verity the user.

In this system, to provide for enhanced security, the authenticationservice 190 does not have knowledge of a user's true identity. Instead,the authentication service 190 verifies the user based on enrolledcredentials—without having any identity of the user. The authenticationservice 190 stores the user's credentials (for example in database 121)and verifies that the user can present those credentials in a repeatedway. So, the more accurate the credentials or the greater the number ofenrolled credentials provides a higher degree of trust that the user isthe same person coming back through the device 101. For example, if theauthentication service is just checking the password the trust is low.If the authentication service checks a password and it is received froma specific user device, the user has swiped a specific pattern on thescreen and the user presents a fingerprint sample via the device—thetrust is relatively high. If additional authenticators are added, suchas new uses for NFC enabled devices, the result is a greater degree oftrust that the real user is being authenticated.

So the authentication service 190 aggregates all of the authenticatingcredentials with an account ID (A-ID), and any number of correspondinguser devices 101 via device IDs (DEV-ID). So, without having the user'strue identity the authentication service 190 can verify a user, to avery accurate degree, is the same human being as was initiallyregistered, utilizing any number of known devices.

3. Relationships and IDs

As noted above, in order to maintain anonymity of the user whilepermitting the user to engage with an enterprise and use theauthentication service 190, multiple relationships are established. Arelationship is established between the enterprise 130 and theauthentication service 190 and stored as an account (2P ACCT-ID). Here,the identity of the enterprise 130 and the authentication service 190 isknown. Another relationship is established between the user and theauthentication service 190 and is stored as an account ID (A-ID).Another relationship is established between a user device 101 and theauthentication service 190 and this is identified using a device ID(DEV-ID). This identifier (DEV-ID) also identifies the specific userdevice 101. In this instance, the authentication service 190 is notaware of the user's identification. Instead, the account ID (A-ID) isassociated with a set of enrolled credentials, and one or more deviceIDs (DEV-ID). Finally, a relationship is established between the userdevice 101 and one or more enterprises 130-130-n as relationship IDs(REL-ID).

The account ID between the enterprise 130 in the authentication service190 (2P ACCT-ID) is stored in the database 121 or similar persistentstorage at the authentication service 190.

The account ID (A-ID) identifying the account between the user and theauthentication service 190 is stored in the database 121 or similarpersistent storage at the authentication service 190. This account ID(A-ID) is associated with one or more device IDs (DEV-ID,) and one ormore enrolled credentials (fingerprints, NFC card content, voiceattributes, passwords, patterns, etc).

A relationship ID (REL-ID) is stored in the authentication service 190database 121 or similar persistent storage and associated with oneaccount ID (2P ACCT-ID that identifies the account between theenterprise 130 and the authentication service 190), and one device ID(DEV-ID). The relationship ID (REL-ID) is also stored at the enterprise130 associated with the enterprise user identity. Consequently, when theenterprise 130 is performing transactions with a user, the enterprise130 can verify the user through the authentication service 190credential and device verification, without relying on the user's trueidentity to be known by the authentication service 190. Rather, theenterprise 130 identifies the user to be authenticated using therelationship ID (REL-ID). The authentication service 190 uses therelationship ID (REL-ID) to identify the device ID (DEV-ID), which canbe used to locate the account ID (A-ID) and associated user credentials,which can be verified by the authentication service 190. Theestablishment of these relationships enables the authentication service190 to communicate with the user's device 101 and verify the user'scredentials without knowing the true identity of the user. From asecurity aspect, the device information and the user credentials aresegregated from the true identity of the user.

4. Secure Communications

Another important aspect of this embodiment relates to secure/encryptedcommunications between the parties. In this embodiment, asymmetric keys,such as PKI cryptographic keys and/or SSL are used to encrypt messagesto secure communications between the various actors. As notedpreviously, these relationships are built on secure connections suchthat no one party of the three channels of communications has all thekeys.

As shown in FIG. 1, there are three sets of secure connections, onecorresponding to each relationship. The first is a secure connectionbetween the customer and the authentication service. In this example,this is a secure connection 160 between a customer (enterprise 130) andthe authentication service (authentication server 120). This secureconnection 160 could be as simple as SSL or these communications couldbe encrypted using mutual key pairs.

The second secured connection is created between the independent userdevice 101 and the authentication server 120. In this embodiment, theuser uses the user device 101 to set up an account with theauthentication service using a software agent 140 downloaded to userdevice 101. To set up this connection, the authentication server 120requires some credentials, such as a password, voice biometric and/orfingerprint, but does require the identity of the user. Theauthentication service 190 generates an asymmetric key pair D1(PK1/PK1′), stores 215 one key (PK1) of the key pair in the device 101and transmits the matching key (PK1′) to the authentication service 190which stores the key in association with the account ID (A-ID). Futurecommunications between the authentication service 190 and the userdevice 101 can be encrypted using the one of the keys and decryptedusing the matching key.

The third secure connection is between the enterprise 130 and the enduser device 101. To establish this connection, a one-time code isobtained by the enterprise, and in some way (like SMS or email orpresenting on a web page) communicated to the user and entered into thedevice 101 or captured directly be the device 101 (e.g via a camera).After the one-time code is inputted into the device 101 an identifier,the device ID, is transmitted 235 to the authentication service 190 withthe one-time code. In response to receiving the device ID and theone-time code, the authentication service 190 generates and stores 237 arelationship ID (REL-ID) that associates the device ID of the userdevice 101 with the account ID (2P ACCT) of the enterprise 130 whoseone-time code was inputted into that device. The authentication service190 then pushes the relationship ID 239 to the device 101 through thesecure connection 180. The user device 101, using the software agent,generates another asymmetric key pair D2, stores one of the keys (PK2)241, and transmits 243 the matching key (PK2′) over the secureconnection 180 to the authentication service 190. The authenticationservice 190 does not store the key PK2′, but transmits 245 the key PK2′with the relationship ID (REL-ID) to the enterprise 130 over the secureconnection 160. The enterprise 130 stores 247 the key PK2′ with therelationship ID (REL-ID). Thus, three secure connections are establishedwith the ability to encrypt/decrypt messages sent between any two of theparties.

5. Transacting Using the Authentication Service

FIG. 3 shows an example transaction between a user and the enterprise,exemplifying how the authentication service 190, the user and theenterprise 130 interact without the authentication service 190 knowingthe user's identity. This transaction also exemplifies how theinformation may be exchanged in an encrypted form between the userdevice 101 and the enterprise 130 without permitting the authenticationservice 190 access to the exchanged information.

Initially, the user engages the enterprise 130 to make a purchase orperform some transaction with the enterprise 130. In this case, forpurposes of explanation, the user is going to make a purchase 310 usingthe user's credit card. The enterprise 130, in order to verify that theuser is who he/she alleges to be, sends a request to the authenticationservice 190 to capture the credit card information and to verify theuser. As a part of this request the enterprise can attach a message tothe user encrypted using PK2′ of the key pair specific to therelationship ID (REL-ID). Also as a part of this request, the enterprisecan optionally specify which authentication credentials it requires theauthentication service to utilize to authenticate the user. The methodthe enterprise uses to specify which credentials must be used, can be atany level of credential specification (category, type, attribute, or anycombination). If the enterprise specification is not distinct, theauthentication service will provide any missing details to distinctlydetermine the credential to utilize, based on the authenticationsservice's knowledge of what the device is capable of and whichcredentials the authentication service believes are best. The requestincludes the relationship ID (REL-ID). Using the relationship ID, theauthentication service 190 identifies the device ID (DEV-ID) as well asthe user's specific set of credentials, and sends a command to thedevice 101 in order to verify the user and capture the card information.While the authentication service 190 is capable of using any of thecredentials enrolled by the user through the user device 101, in thisexample the authentication service 190 sends a command to the device 101requesting a fingerprint sample 325. A message is then displayed on theuser device 101 requesting a fingerprint sample 330. After the userprovides the sample, for example, by placing a finger on the devicesensor 332, the sample is encrypted using PK1 of the key pair D1 andthis encrypted sample is transmitted 335 back to the authenticationservice 190, which decrypts the sample using PK1′. As noted above, inthe event that the user device 101 is not configured to send the sample,but instead, performs its own verification of the sample, a result ofthe verification would be encrypted and transmitted back to theauthentication service 190.

Here we are assuming that a sample is provided to the authenticationservice 190. After receiving the sample, the authentication service 190verifies the sample 340. After the sample has been positively verified,the authentication service 190 transmits a command to the device 101 torequest data entry. The device decrypts the message sent from theenterprise, in this case “ENTER CREDIT CARD INFORMATION” 345. The userthen enters the credit card information 350 into the user device 101.User device 101 encrypts the credit card information using key PK2 ofkey pair D2 shown as [CARD INFO] PK2 and transmits 335 this informationto the authentication service 190. The authentication service 190 thentransmits the encrypted information to the enterprise 130 which holdsthe key PK2′ to decrypt the credit card information. The enterprisedecrypts the credit card information [CARD INFO] PK2′ 365 and sends iton to the credit card issuer for processing 370.

In operation, capturing the credit card information only after verifyingthe credentials of the user, including biometrics, binds the user, thecard and the device together in essentially real-time, to ensure thecard is actually being presented by the owner, instead of being stolen.The system layers the capture of data with a set of simultaneous and inproximity, authentication. For security purposes, it's important that ithas to be in the same spot, at the same time, and the human is verifiedbefore you get the information. The authentication service 190 will nottake the information unless you can verify that you are who the cardissuer expected you to be by presenting verifiable credentials. Anotheraspect of this system is that the authentication service 190 is passingencrypted information that it cannot decrypt because it does not holdthe required key. This protects the user and the enterprise from notonly a privacy perspective, but also from a security perspective as theauthentication service 190 does not hold the keys D2.

II. Wireless information CAPTURE and user credential verification

Another aspect of the present application is described with regard tothe use of wireless technology, like the near field communications (NFC)module 102 of the user device 101 in conjunction with a wirelesscredential 103 as shown in FIG. 1. To provide for increased security andconvenience, it is becoming more common for banks, etc., to issue NFCenabled credit cards (smart cards), or other wireless tokens or tags.While this embodiment is described with reference to using near fieldcommunications and NFC module 102, any low energy wirelesscommunication, such as Bluetooth Low Energy (BLE) devices may also beutilized. In effect, these cards are readable when placed in closeproximity to a reader (point of sale terminal, etc.) So, instead ofphysically entering account information or reading it from a magneticstrip, you tap the card on a capable device and it is read wirelessly.Because these cards, tags or tokens can be intelligent and dynamicallygenerate data (for example, digitally sign challenge value) which arenot easily reproducible or copied, and because they must be in proximityto the reader, they provide a possession credential for verifying auser, entry of information wirelessly to eliminate errors, ease of use,and better security. However, since these cards can be stolen, highersecurity requires that the user (holder) of the card also be verified atthe same time as the presentation of the card, and authenticated as theuser whom the card was issued to.

Smart phones are now being developed with both wireless credentialreader and emulator capabilities. Apps within your phone can emulate awireless enabled credit card. It is now possible to tap your phone to aPOS terminal and the terminal will read the phone as if it is reading acredit card wirelessly. This is known as hardware card emulation HCE.Additionally, smart phones are now available with the ability to readwireless tags or tokens (e.g. smartcards, etc.). In this embodiment, theuser is verified using one type of credential, biometric, password,etc., and then after verification, the user is instructed to tap thecard to the user device, the device captures the information (whichitself is encrypted), which is ultimately delivered back to theenterprise for their use. The benefit of the wireless card/token is thatthese are unique devices that cannot be easily compromised by hackers,they require possession and proximity. That is, a user must have theactual card in their possession, and also in close proximity to the userdevice. The card can also provide the issuer's account information inencrypted form so that neither the user device 101 nor the enterprise130 can view this information—they just pass it to the issuer forconfirmation. Rather, in contrast to standard credit card information inwhich the credit card need not be present, and the credit card accountinformation is not encrypted on the card. The use of a wireless card canprovide verification (possession) as well as additional security throughits own encrypted data. The synergic effect for authentication is thatthe user is using their own card/token on their own user device 101.This authentication provides a higher level of trust because both ofthese authenticators (card and user device) are non-reproducible andlikely to be reported when lost or stolen.

FIG. 4 shows an example transaction between a user and the enterpriseexemplifying the use of wireless credential enabled devices andsmartcards to pass through account information in encrypted form.

Initially, user engages the enterprise 130 to make a purchase or performsome transaction with the enterprise 130. In this case, for purposes ofexplanation, the user is going to make a purchase 310 using the user'swireless credential, which is a wireless card 103 (for example, an NFCenabled credit card—but may be some other secure token). The enterprise130, in order to verify user that the user is who he/she alleges to be,sends a request to the authentication service 190 to capture the creditcard information (wireless card 103 information) and to verify the userprior to collecting the card information.

The request from the enterprise 130 includes the relationship ID(REL-ID), but may also include information from the enterprise 130informing the authentication service 190 how to read the card/token(e.g., manufacturer's data, index data, PPSE data). As a part of thisrequest the enterprise can attach a message to the user encrypted usingPK2′ of the key pair specific to the relationship ID (REL-ID). Also as apart of this request, the enterprise can optionally specify whichauthentication credentials it requires the authentication service toutilize to authenticate the user. The method the enterprise uses tospecify which credentials must be used can be at any level of credentialspecification (category, type, attribute, or any combination). If theenterprise specification is not distinct, the authentication servicewill provide any missing details to distinctly determine the credentialto utilize, based on the authentications service's knowledge of what thedevice is capable of and which credentials the authentication servicebelieves are best.

Using the relationship ID, the authentication service 190 identifies thedevice ID (DEV-ID) and sends a command to the device 101 in order toverify the user and capture the credit card information. While theauthentication service 190 is capable of using any of the credentialsenrolled by the user through the user device 101, in this example, theauthentication service 190 sends a command to the device 101 requestinga biometric sample 425. A message is then displayed on the user device101 requesting a fingerprint sample 430. After the user provides thesample, for example, by placing a finger on the device sensor 422, thesample is encrypted using PK1 (shown as encrypt [sample] PK1) 425 andtransmitted 435 back to the authentication service 190.

After receiving the sample, the authentication service 190 decrypts(decrypts [sample] PK1′) and verifies the sample 440. After the samplehas been positively verified, the authentication service 190 transmits acommand to the device 101 to request wireless data capture. The devicedecrypts the message sent from the enterprise, in this case “PLEASEPRESENT CARD” 445, which may also include information informing the userdevice 101 on how to read the wireless card 103. The user then taps orlocates in close proximity 450 the wireless card 103 to the user device101. User device 101 reads and encrypts 455 the read information usingkey PK2 from key pair D2 shown as [CARD INFO] PK2 and transmits 460 thisinformation to the authentication service 190. It is also noted that theaccount information on wireless card may be encrypted so that only theissuing authority can decrypt this information—providing an additionallayer of security. The authentication service 190 then transmits 465 thewireless card 103 card information to the enterprise 130 which holds akey PK2′ to decrypt the card information. The enterprise then decryptsthe card information [CARD INFO] PK2′ 470. The card information readfrom the wireless card 103 may also be in encrypted form such that onlythe issuer of the card 103 can further decrypt this information. Thisencrypted account information may then be transmitted to the issuer whodecrypts the information to complete the transaction.

As compared to merely entering credit card information on the userdevice 101, the use of a wireless card 103 requires a uniquely issuedcard to be present and in proximity to the trusted user device 101 andonly after biometrically authenticating the user. As the accountinformation may be encrypted as well by the issuer, an additional layerof security is added in combination with increased trust of thecorresponding verification.

III. Wireless CARD CHALLENGE

Another unique feature associated with a wireless enabled card is thatthe card possesses an intelligent chip that can be configured, inconjunction with the issuer, to have one key PK(nfc) of an asymmetrickey pair (PK(nfc)/PK'(nfc)). The issuer has the other key PK'(nfc).Thus, the wireless card 103 can encrypt information. Accordingly, to addanother layer of security/verification, instead of just reading thecard, the card may be challenged with a value (usually random to avoidreplay attacks), and the card encrypts the value with the key PK(nfc)and the encrypted value gets sent back to the issuer 135 with thechallenge value. The bank (or issuer) then decrypts and verifies thechallenge value, which verifies the card is truly the issued card, andprovides an additional layer of security from copying or cloning awireless smart card.

FIG. 5 shows an example transaction between a user and the enterpriseexemplifying the use of wireless enabled devices and smartcards to passthrough account information in encrypted form.

Initially, user engages the enterprise 130 to make a purchase or performsome transaction with the enterprise 130. In this case, for purposes ofexplanation, the user is going to make a purchase 510 using the user'swireless card 103 (e.g., NFC enabled credit card). The enterprise 130,in order to verify user that the user is who he/she alleges to be, sendsa request to the authentication service 190 to capture the credit cardinformation and to verify the user prior to collecting the cardinformation. However, in this embodiment, the enterprise 130 alsogenerates a random number (123) or a globally unique number as achallenge value, encrypts the random number [challenge value] PK2′ andtransmits 515 this number to the authentication service 190 with achallenge request to forward to the user device 101 after the user'scredentials are verified. The request includes the relationship ID(REL-ID)), but may also include information from the enterprise 130informing the authentication service 190 how to read the card (e.g.,manufacturer's data, index data, PPSE data). As a part of this request,the enterprise can attach a message to the user encrypted using PK2′ ofthe key pair specific to the relationship ID (REL-ID). Also as a part ofthis request, the enterprise can optionally specify which authenticationcredentials it requires the authentication service to utilize toauthenticate the user. The method the enterprise uses to specify whichcredentials must be used can be at any level of credential specification(category, type, attribute, or any combination). If the enterprisespecification is not distinct, the authentication service will provideany missing details to distinctly determine the credential to utilize,based on the authentications service's knowledge of what the device iscapable of and which credentials the authentication service believes arebest.. Using the relationship ID, the authentication service 190identifies 520 the device ID (DEV-ID) as well as the user's specific setof credentials, and sends a command to the device 101 in order to verifythe user. While the authentication service 190 is capable of using anyof the credentials enrolled by the user through the user device 101, inthis example the authentication service 190 sends a command to thedevice 101 requesting a biometric sample 525. A message is thendisplayed on the user device 101 requesting, for example, a fingerprintsample 530. After the user provides the sample by placing a finger onthe device sensor 532, the sample is encrypted using a key of the keypair D1 PK1 (encrypt [sample] PK1) 534 and transmitted 535 back to theauthentication service 190.

After receiving the sample, the authentication service 190 decrypts thesample using the other key of the key pair D1 (decrypts [sample] PK1′)and verifies the sample 540. After the sample has been positivelyverified, the authentication service 190 transmits a command to thedevice 101 to request wireless data capture with a challenge. The devicedecrypts the message sent from the enterprise, in this case “PLEASEPRESENT CARD” 545 with a request to challenge the card with thechallenge value from the enterprise request. The user device 101decrypts the encrypted challenge value using key PK2 of the key pairD2—decrypt [challenge value] PK2. The user then taps 550 the wirelesscard 103 on the enabled user device 101. The information on the wirelesscard 103 is read and the wireless card 103 is challenged using thevalue. The card 103 encrypts the challenge value using an embedded keyPK(nfc) and transmits this to the user device 101. User device 101 readsand encrypts 555 the read information including the encrypted challengedvalue using key PK2 of key pair D2 (encrypt [CARD INFO+[challenge value]PK(nfc)] PK2. The user device 101 then transmits all of this informationto the authentication service 190. The authentication service 190 thentransmits/relays 562 the encrypted wireless card 103 information and theencrypted challenge value to the enterprise 130 which holds a key PK2′of key pair D2 to decrypt the credit card information. The enterprisedecrypts the information (decrypt [CARD INFO+[challenge value] PK(nfc)]PK2′) 570. The card information read from the wireless card 103 may alsobe in an encrypted form such that only the issuer of the card 103 candecrypt this information. Next, the encrypted challenge value and thechallenge value generated by the enterprise 130 are transmitted to theissuer 135. The issuer can then decrypt the challenge value (decrypt[challenge value] PK'(nfc)) and verify 580 it is the same challengevalue transmitted from the enterprise 130. If the decrypted challengevalue is verified by comparison to the challenge value transmitted fromthe enterprise 130, the issuer 135 transmits the result back to theenterprise 585 as further verification that the system has not beencompromised. In response, the enterprise 130 transmits 590 the cardinformation back to the bank 135 or issuer of the card.

As compared to merely entering credit card information on the userdevice 101, the use of a wireless card 103 requires a uniquely issuedcard to be present, in proximity to the trusted user device 101, andonly after biometrically authenticating the user. As the accountinformation may be encrypted as well by the issuer, an additional layerof security is added. The addition of using a card challenge provides anadditional level of security as the random number is generated for eachparticular transaction providing for an additional layer of securityagainst replay attacks.

IV. SMART CHOICE

Another aspect of the present application is to provide anauthentication service with all available authenticators for aparticular user network device (e.g. a user's smartphone or IPad™ orlaptop computer, etc.) integrated. In doing so, all these authenticatorsare now available to the authentication service for use as parameters toanonymously authenticate the user associated with that device for anyenterprise with which the user has established a relationship. To do so,the authentication service initially sets up a relationship with theapplicable user network device binding all of the authenticatorsavailable on that device to the authentication server. Thus, theenterprise need not know what authenticators are available on a user'sdevice. Instead, the enterprise can simply ask the authenticationservice for a biometric credential, a knowledge credential and/or apossession credential. The authentication server will then determinewhat credential(s) are available from the user's network device in eachdesired credential category and request the most appropriate availablecredential(s) from the use's device for the desired category. Forexample, if the user is performing a high level (e.g. high US dollaramount) transaction, the enterprise may want a biometric credential,along with a knowledge credential such as a password, to be verified.The authentication server knows which biometrics are available on theuser device and queries the user for a biometric available on thedevice. If multiple biometrics are available on the device, theauthentication server selects the biometric considered most appropriateunder the circumstances prior to making the query, and requests theselected biometric.

In any of the transactions and interaction described in the embodimentsabove, the enterprise 130 can specify the category of credential to beverified by the authentication service 190. However, to do so, theenterprise must have specific knowledge of what credentials the user hasenrolled using the user device 101. The credentials are may also bedirectly associated with the account ID (A-ID) of the user, orassociated with the account ID (A-ID) via the particular device ID(DEV-ID) the credential is associated with. All of the user's devicesare associated with the account ID (A-ID).

Another aspect is to provide a choice option when the enterprise 130 isdealing with a particular device in which the enterprise selects thepolicy at a category level (biometric, knowledge or possession) and theauthentication service chooses the best or the available type(fingerprint, voice, facial recognition—in the case of biometric) touse. Thus, the enterprise need not know all of the available types ofbiometrics available, but can merely select biometric. Another aspectprovides that the enterprise can query the authentication service aboutwhich authenticators are available and the authentication service canrespond with categories, types and attribute available.

Another aspect, in the case where a user has multiple devices enrolled,after receiving a query or a policy request from the enterprise, theauthentication service can let the enterprise know what authenticatorsare available based on the various user devices that have relationshipsestablished with the enterprise. As the relationship between aparticular device and the enterprise is device specific, in the case ofmultiple devices, the enterprise and the user may have multiplerelationship IDs (REL-ID) set up. These are separate and distinct aseach relationship will have a different asymmetric key paircorresponding to each user device.

FIG. 6 shows a table representing a hierarchical list of availablecredentials including categories, types and attributes stored in thedatabase 121 of the authentication service 190 to be associated with aparticular account ID for an enrolled user. As shown in the table, thecategories include biometric, knowledge and possession—however, thepresent invention is not limited to this particular hierarchicalstructure. Each one of these categories may contain several types ofcredentials, for example, the biometric category one type is finger,which relies on captured aspects of the user's finger. At a finer levelof detail, each type may be identified by an attribute. For example,with regard to the fingerprint, the attribute may be which finger=index.

In some instances, a user may have an account set up with more than oneuser device. Because each user device may have different capabilitiesfor obtaining various credentials, the table may be set up to identifywhich devices are capable of sampling which credentials. However, thedevice capabilities may be stored separately from the list of enrolledcredentials.

FIG. 7 shows a process where the enterprise 130 establishes a policy forverification and the authentication service 190 reviews the policy andselects the applicable credential for verification. This processincorporates the relationships and key pairs established in FIG. 2. Inthis example, the policy is applied to the user's enrolled credentialswhere the user only has a single device enrolled with the authenticationservice 190. The process begins when the user engages the enterprise 130to perform some transaction. In this case, the user is making a purchase710 from the enterprise 130. To complete the purchase, the enterprise130 sends a request 715 to the authentication service 190 to verify theuser prior to capturing the account information from the user's creditcard. This request also includes a policy request regarding theverification of the user. In this example, assume the transaction is fora substantially high purchase amount. Rather than elect to receive amere password from the user, the enterprise 130 can set the policy torequire a biometric from the user. In order to determine what credentialto require, the authentication service 190 accesses the enrolledcredentials in the database 121. Again, assume the user has onlyenrolled one device (DEV 1). While the enterprise 130 set the policy atthe category level, this is not required. Rather, the enterprise 130 mayset the policy at a finer granular level by selecting a specific typeand a specific attribute.

With reference to table 1, the enrolled user device is capable of twotypes of biometrics—voice and finger. Thus, there are two types ofbiometrics available for selection by the authentication service 190.The authentication service 190 then chooses the type and attribute ofthe biometric to be used for verification 725. In order to decidebetween the two types of biometrics, the authentication service 190 mayhave a predetermined hierarchy in which the finger type is preferredover the voice type. This hierarchy may be established in any number ofways—it may be a specified arrangement between the enterprise 130 andthe authentication service 190, or it may be established based onwhether one type of authenticator has a higher level of trust ascompared with another. Here, the authentication service 190 prefers thefinger type as compared to the voice type, and more specifically prefersa fingerprint sample (attribute).

It is also noted that the hierarchy—category, type,attribute—established in Table 1 may include additional elements. Whilethis is a three-level hierarchy, the enrolled credentials may lendthemselves to different hierarchical structures. The function of thehierarchy is to provide some logical basis so that the enterprise 130can provide some sort of policy at a macroscopic level in theauthentication service 190 and select or determine a credential at amicroscopic level that fits the policy. The concept is that a multitudeof potential credentials of various kinds, and with various levels oftrust, can be centralized with the authentication service 190 so thatthe enterprise 130 need not keep track on a user by user basis, a deviceby device basis, and on the credential by credential basis, whatpossible credentials are available for authenticating a user for aparticular transaction.

Now after selecting the type of sample to use for verification based onthe policy received from the enterprise 130, the authentication servicesends a request to the user device 101 for a fingerprint sample 730. Theuser device 101 displays a request for a sample to the user 732. Theuser applies their finger to the device 101 and the user device 101collects a sample 735. The user device encrypts the sample using key PKof key pair D1 (encrypt [FINGERPRINT] PK) and transmits 738 the sampleto the authentication service 190. The authentication service thendecrypts the sample using the other key PK′ of the key pair D1 (decrypt[FINGERPRINT] PK') and verifies the sample 740. Upon a successfulverification, the authentication service 190 then transmits a messagefor a user to enter credit card information to the user device 101 745.The user enters the credit card information, the card information isencrypted using one key PK of key pair D1′ 750 and then transmitted 755to the authentication service 190. The authentication service 190 relaysencrypted information 760 to the enterprise 130 information indicatingthat the user was verified including the category, type and attribute toverify the user—“successful verification using fingerprint”.

Additionally, in the event that the authentication service 190 does notfind an enrolled credential satisfying the enterprise's policy request,the authentication service 190 can send a message back to the enterprise130 indicating that the user has not enrolled this category, type orattribute of credential.

Next, a process in which the authentication service 190 selects thecategory, type and attribute for verification when the user has multipledevices enrolled with the authentication service 190 is discussed withreference to FIG. 8.

Again, this process incorporates the relationships and key pairsestablished in FIG. 2. The policy is applied to the user's enrolledcredentials where the user may have multiple devices enrolled with theenterprise 130. The process begins when the user engages the enterprise130 to perform some transaction. In this case, user is making a purchase810 from the enterprise 130. To complete the purchase, the enterprise130 sends a request 815 to the authentication service 190 to verify theuser and to capture the account information from the user's credit card.This request also includes a policy request regarding the verificationof the user. In this example, assume the transaction is forsubstantially high purchase amount. Rather than elect to receive a merepassword from the user, in this case the enterprise 130 sets the policyto require an eye biometric from the user. In this request, theenterprise identifies the relationship with the user using therelationship ID (REL-ID #1). As describe above with regard to FIGS. 1and 2, the relationship is between a specific user device 101 (DEV 1)and the enterprise 130. Next, using the relationship ID theauthentication service 190 identifies the account ID associated with theuser device 101 (DEV 1) which is tied to the relationship ID.

After accessing the enrolled credentials for the user's account(Table 1) 820 the authentication service 190 determines that there is anenrolled credential for the biometric category under the type “eye”.However, the authentication service 190 also can determine that DEV 1either does not have this credential enrolled or is not capable ofproviding a sample for the users “eye” 825. In this instance, theauthentication service 190 may transmit a message back to the enterprise130 informing the enterprise 130 that user device 101 is not capable ofobtaining an eye sample. The enterprise 130 may inform the user thatthis transaction is not available unless the user has a device enrolledwith the authentication service 190 having “eye sample” capabilities.The user may then elect to establish a relationship with the enterprise130 in the manner set forth above with regard to FIG. 2.

Alternatively, as shown here with regard to FIGS. 6 and 8, for purposesof explanation we will assume that the user has two devices (DEV 1 andDEV 2) enrolled with the authentication service 190, and each device hasan independent relationship (REL-ID #1, REL-ID #2) established with theenterprise 130. Different relationships are established for each deviceas each key pair D1 between a specific user device 101 and theenterprise 130 is separately established. Here, relationships associatedwith the two devices (REL-ID #1, REL-ID #2) can be associated by theaccount ID of the user. Alternatively, some sort of user ID may beestablished to make these associations while maintaining the anonymityof the actual user.

An operation 825, the authentication service 190 with reference to Table1 of FIG. 6 can determine that a verification of an “eye” sample may beperformed using another device DEV 2. In this instance, theauthentication service 190 may transmit a message to the enterprise 130suggesting that the enterprise 130 use the relationship (REL-ID#2) whichassociates enterprise 130 with the user device DEV 2. Now the enterprisecan resend a request similar to the request sent in operation 815, butwith a different relationship ID (REL-ID#2). The process now proceeds inthe same manner as set forth in FIG. 7, with the exception that an eyesample is required instead of a fingerprint sample.

V. TOKEN STORAGE/ATTESTATION

1. Key/Token Storage

Another concept that can be built on the system described in FIGS. 1 and2 is the key storage or token storage concept. Here, in addition to thekey pairs and relationships set up as described above, another level ofsecurity is added to something that may be stored with the enterprise.For example, in the case of digital currency, which is often stored inexchanges, if the exchange is hacked the digital currency can be stolen.By using the authentication service 190, a user can provide additionalsecurity for the digital currency being held in exchange (enterprise).

According to this embodiment, to establish this additional layer ofsecurity, the user would engage the enterprise 130 to set up an account.Part of the account set up entails creating a multi-key environmentwhere the keys are stored in different locations so that if one of thelocations is compromised the security built upon the key pairs is notbroken. To accomplish this, when setting up the account, the enterprise130 generates a first key pair. One of these keys goes back to the userK1 (may be a key or password) and the other key k2 is stored with atrusted third party—the authentication service 190. This key K2 isencrypted using an asymmetric key pair (KP, KP′) by the authenticationservice 190 and stored with the authentication service 190 K2′(K2′=encrypt [K2] KP). The authentication service destroys the key KPused to encrypt the key K2 and also destroys the key K2. The otherasymmetric key KP′ is passed back to the enterprise 130. Thus, theauthentication service 190 only holds an encrypted form of K2, but doesnot hold the key KP′ which can decrypt the encrypted form. Another facetto this enhanced security is a requirement that when the user wishes touse the account at the enterprise, the user cannot merely make a requestof the enterprise, but instead must authorize the verified user devicebased on the relationship the user device has set up with theauthentication service.

FIG. 9 shows a process in accord with this embodiment for establishing asecure storage for an item using key pairs established between the user,the enterprise and the authentication service.

Initially, the user makes a request to set up an account 1010 with theenterprise 130. As a part of this process, a key pair (K1, K2) iscreated between the user and the enterprise 130 in order to secure theaccount. Here, the key pair need not be asymmetric. The only requirementis that both keys (K1, K2) be required to unlock the account. Forexample, the key K1 may be a password selected by the user or a key thatis stored on the user's device. When K1 is a key generated by theenterprise 130, not the user, it is transmitted back to the user 1030.After the key pair is generated, the second key K2 is transmitted 1040to the authentication service 190 with some sort of indicia to associatethe key K2 with the user's account ID (ACCT-ID). While the relationshipID (REL-ID) associating the relationship between enterprise 130 and theuser device 101 may be used, a user ID (USER-ID) which would anonymouslyassociate the user with the account may be used to identify user'saccount ID (ACCT-ID) so that key K2 can be utilized by any user device.

After receiving the key K2 from the enterprise 130, the authenticationservice creates new key pair (KP, KP′), which in the preferredembodiment is an asymmetric key pair. The first key KP of the key pairis used to encrypt the key K2 received from the enterprise 130 togenerate key K2′, which is encrypted form of K2 (K2′=encrypt [K2] KP).The authentication service 190 stores K2′ in association with the user'saccount ID (ACCT-ID) which can be identified by user ID (USER-ID)received from the enterprise 130. In the event that the enterprise 130uses the relationship ID (REL-ID) as established in the proceduresdescribed above, the authentication service 190 could identify theaccount ID of the user using the relationship ID via the device ID. Thesecond key of the asymmetric key pair KP′ is transmitted 1090 back tothe enterprise 130 to be stored. This is the only key that can be usedto decrypt the encrypted form of key K2. This key KP′ may be accompaniedby some identifier so that the enterprise 130 and the authenticationservice 190 may be able to identify the key bundle K2′ in the event thatthe keys from multiple accounts are stored with the authenticationservice 190.

Next, the authentication service 190 destroys the keys KP, KP′ used toencrypt/decrypt the key K2 received from the enterprise 130 and does notstore the key K2. That is, by some manner these keys are destroyed sothat if the security of the authentication service 190 is compromisedthey cannot be stolen. Consequently, encrypted form of K2 (K2′) isstored with the authentication service 190 and the only key (KP′)capable of decrypting K2′ is stored with the enterprise 130. Now, theuser's account at the enterprise 130 is secured by keys K1, K2 and thekey K2 is stored at the authentication service 190 in an encryptedbundle has K2′. This encrypted bundle can only be decrypted by the keyKP′ stored with the enterprise 130.

The process for using the account established with the enterprise afterestablishing the key bundles is described below. First, the user sends arequest 1100 to the enterprise 130 to use the account established withthe enterprise 130 and the user provides the key K1 to the enterprise130. In response, the enterprise 130 sends a request 1120 to get therequired key bundle K2′ in order to access/unlock the account. Thisrequest is sent with an identifier so that the user's account (ACCT-ID)can be identified. This identifier may be a relationship ID (REL-ID) orsome other identification that would serve the same purpose. Theauthentication service 190 uses this information to find the properaccount ID (ACCT-ID) in order to locate the appropriate key bundle K2′.The request 1120 may also include the policy to be applied by theauthentication service 190 when verifying the user through the userdevice 101.

Next, the authentication service 190 applies the policy sent withrequest 1120 to determine the proper user device and/or credential 1140to be used to verify the user through the user device 101. Theauthentication service 190 then transmits a message 1150 to the userdevice 101 to “Authorize Key Delivery” and also a request for acredential from the user to be applied through the user device 101. Thismessage may be encrypted using the key PK′ that would be established asdescribed above with regard to FIGS. 1 and 2. The message is decryptedby the device 101 using key PK and the user device captures a sample1160. The sample is then encrypted using key PK and transmitted back tothe authentication service 190 for verification 1170. The authenticationservice 190 decrypts the message using key PK′ and verifies the sample1180. If the user is properly verified the authentication service 190then transmits 1190 the key bundle K2′ to the enterprise 130. Theenterprise then uses the key KP′ to decrypt the key bundle K2′ to getthe key K2 (decrypt [K2′] KP′=K2). Now the enterprise 130 using keys K1and K2 can unlock the account for the user.

It is noted that all communications between the user device 101enterprise 130 the authentication service 190 can be encrypted anddecrypted using the keys relationships established above with regard toFIGS. 1 and 2. Additionally, verification of the user can be performedusing any of the embodiments described above with regard to FIGS. 1-8.2

2. Attestation

Another concept that can be built on the system described in FIGS. 1 and2 is the third party attestation concept. Here, in addition to the keypairs and relationships set up as described above, the authenticationservice 190 can store some sort of attestation (ballot for voting,verification of age, proof of credit, etc.) that is provided by trustedthird party (government agency, bank, etc.). For example, in theembodiment described below, the department of motor vehicles atteststhat the user is over the age of 21. This attestation may be used by theuser to purchase alcohol via a web transaction—where it is notconvenient to provide physical proof of age.

FIG. 10A shows a process in accord with this embodiment for obtaining anattestation from an attester 160, storing the attestation with theauthentication service 190 and providing the attestation to anenterprise 130. In this embodiment, key pairs and relationships arepresumed be established between each of the parties and theauthentication service set forth above with regard to FIGS. 1-8.

Initially, the user issues a request 801 to the trusted third party,attester 160, to issue an age attestation. The request can include ahuman readable label L1 “Age Attestation” that describes the attestationand request regarding policy to be applied when verifying the userbefore providing the attestation to an enterprise 130. In response, theattester 160 issues an attestation AT1 and transmits the attestationwith an identifier to identify the account of the user. The attester 160may also submit a policy request with the attestation AT1 to be appliedwhen verifying the user prior to storing the attestation with theauthentication service 190 in the user's account.

Before storing the attestation AT1, the authentication service 190locates the user's account using the identifier and applies the policyto determine the device and the credential to use for verification 807.The authentication service 190 then sends an encrypted request for asample 810 to the user device 101. The user device 101 decrypts themessage and displays to the user that a sample is requested to verifythe user 815. The user device 101 encrypts and transmits the sample backto authentication service 190 for verification 820. After theauthentication service 190 verifies the user based on the sample, amessage is transmitted back to the device 101 with the human readablelabel L1 for the attestation that indicates that the attestationsuccessfully stored with the authentication service 190. Followingverification of the user, the authentication service 190 also stores theattestation in association with the user account (ACCT-ID).

In the example above, an attestation of age is provided by the attester160. However, the present embodiment contemplates other types ofattestations. These may include verification of credit, ballots, couponsor any other attestation that typically requires some sort of physicalcredential for support. While the attester 160 provides the ageattestation in operation 805 with an identifier and the policy request,the attestation AT1, may include other limiting criteria to be storedwith attestation at the authentication service 190. Such limitingcriteria may include information: (1) destroy on first use; (2) time tolive TTL; or (3) an effective date range. The information may alsoinclude a time stamp (when issued) or a uniform resource identifier URIto enable the enterprise 130 to later validate the attestation.

Additionally, when the attestation AT1 is stored, it is also stored withthe information provided by the user in step 801 and the attester 160 instep 805. In particular, the attestation may be stored with the humanreadable label L1, the policy of issuer, the policy of the user, a timeto live or date range. It is also noted that the attestation AT1 to bestored in encrypted form.

Now that the attestation has been stored with the authentication server190, the user may use attestation when needed. The process for doing sois described in FIG. 10 beginning with operation 840. Here user electsto engage with a gambling enterprise 130. The gambling enterprise 130requires proof of age before the user can gamble. Now the user can relyon the stored attestation of age without having to show any physicalproof to the gambling enterprise. Using the user device 101, the userlocates and selects the label L1 for age attestation and the user device101 transmits a request with the label L1 and the relationship ID(REL-ID) to the authentication service 190.

In response to the request, the authentication service 190 applies thepolicy 860 set by the user in operation 801 to select the credentialrequired for verification of the user. The authentication service 190then sends a request for a sample 870 to user device 101, which requestsa sample from the user 865. After capturing the sample, the sample istransmitted back the authentication service 190 which verifies thesample 880. Upon a successful verification, the authentication service190 transmits 890 the attestation AT1 back to the user device 101.

Alternatively, that attestation AT1 may be transmitted 891 directly backto the enterprise 130.

It is also noted that the attestation AT1 can be stored in encryptedform using the structure outlined in FIG. 9 with some modification.Doing this functions to provide additional security for sensitivedata—account data, personal information, etc. A process for storing theattestation in this manner is shown in FIG. 10B.

The process for obtaining an attestation follow operations 801 through821 of FIG. 10A. However, after receiving the attestation AT1 from theattester 160, the authentication service 190 generates an asymmetric keypair (KP, KP′) 822, signs the attestation using the key KP, and addssigned [ATI] KP to the attestation AT1 823. The authentication servicedestroys the key KP 824 and transmits 826 that other key KP′ to theattester 160.

The process for using the attestation follows flow of FIG. 10A inoperations 840 through 880. However, in this case, the attestation AT1is transmitted 890 with the signed AT1 to the enterprise 130. Theenterprise then verifies the attestation 891. While the enterprise 130may verify this attestation using some know algorithm, in this case, theenterprise transmits 892 the attestation AT1 and the signed [AT1] KP tothe attester 160. The attester 160 then validates 893 the attestationusing the key KP′ to ensure that the attestation AT1 has not beenmodified. The result of this validation is then transmitted back to theenterprise 894.

What is claimed is:
 1. An authentication server for authenticating auser who is communicating with an enterprise via a network, comprising:a memory for receiving, via the network, authenticators for a user froma user device associated with the user, and storing the receivedauthenticators; and a processor for: receiving, from the enterprise, arequest to authenticate the user with an authentication policy forauthenticating the user, wherein the request does not identify which ofthe stored authenticators is to be used for authenticating the user,wherein the authentication policy establishes a type of authenticator tobe used for authenticating the user; determining a first authenticatorfrom the stored authenticators to be used for authenticating the userbased on the authentication policy received from the enterprise;transmitting an authentication request to the user device via thenetwork requesting the first authenticator; in response to theauthentication request, receiving from the first user device, anauthenticator in response to the authentication request, andauthenticating the user by comparing the received authenticator with thestored first authenticator.
 2. The authentication server of claim 1,wherein the stored authenticators include a plurality of authenticatorsincluding at least two different authenticators in different categoriesof authenticators, the different categories including a knowledgecategory including information known to the user, a possession categoryincluding something physically possessed by the user, and a biometriccategory identifying physical attributes of the user.
 3. Theauthentication server of claim 1, wherein the stored authenticatorsinclude a plurality of authenticators including one or more of: (i) atleast two different authenticators in different categories ofauthenticators, the different categories including at least two of aknowledge category including information known to the user, a possessioncategory including something physically possessed by the user, and abiometric category identifying physical attributes of the user; (ii) atleast two different types of authenticators in a same category ofauthenticators; or (iii) at least two different species ofauthenticators of the same type of authenticator.
 4. The authenticationserver of claim 1, further comprising: receiving from the user device,via the network, a device identifier that identifies the user device andstoring the device identifier in association with a user accountidentifier, the stored received authenticators being stored with theuser account identifier; storing a relationship identifier thatidentifies a relationship between the enterprise and the user deviceusing the device identifier; and the determining whether the storedauthenticators include the first authenticator comprises identifying thestored authenticators using the relationship identifier to identify thedevice identifier and using the device identifier to identify the useraccount identifier stored with the received authenticators.
 5. Theauthentication server of claim 1, wherein the stored authenticators arestored in a hierarchy based on predetermined level of trust associatedwith each of the received authenticators.
 6. The authentication serverof claim 5, wherein the first authenticator of the stored authenticatorsis used for authenticating the user by applying the authenticationpolicy to the stored hierarchy of authenticators.
 7. The authenticationserver of claim 1, further comprising: transmitting to the enterprise,via the network, a result of the authentication including a type ofauthenticator used for the authentication.
 8. The authentication serverof claim 1, wherein the authentication server does not store the trueidentity of the user.
 9. The authentication server of claim 1, whereinthe enterprise does not know what authenticators are stored in thememory of the authentication server.
 10. A computer implemented methodfor authenticating a user who is communicating with an enterprise via auser device, comprising: receiving authenticators for a user and storingthe received authenticators; receiving, from the enterprise, a requestto authenticate the user with an authentication policy forauthenticating the user, wherein the request does not identify which ofthe stored authenticators is to be used for authenticating the user,wherein the authentication policy establishes a type of authenticator tobe used for authenticating the user; determining whether the storedauthenticators include a first authenticator to be used forauthenticating the user based on the authentication policy; when thestored indicators include the first authenticator, transmitting anauthentication request to the user device requesting the firstauthenticator, receiving, from the user device, an authenticator inresponse to the authentication request, and authenticating the user bycomparing the received authenticator with the stored firstauthenticator; and when the stored authenticators do not include thefirst authenticator, transmitting to the entity an identification of atleast one of the stored authenticators, for the entity to determine ifthe at least one of stored authenticators is to be used forauthentication.
 11. The method of claim 10, wherein the storedauthenticators include a plurality of authenticators including at leasttwo different authenticators in different categories of authenticators,the different categories including a knowledge category includinginformation known to the user, a possession category including somethingphysically possessed by the user, and a biometric category identifyingphysical attributes of the user.
 12. The method of claim 10, wherein thestored authenticators include a plurality of authenticators includingone or more of: (i) at least two different authenticators in differentcategories of authenticators, the different categories including atleast two of a knowledge category including information known to theuser, a possession category including something physically possessed bythe user, and a biometric category identifying physical attributes ofthe user; (ii) at least two different types of authenticators in a samecategory of authenticators; or (iii) at least two different species ofauthenticators of the same type of authenticator.
 13. The method ofclaim 10, further comprising: receiving from the user device, via thenetwork, a device identifier that identifies the user device and storingthe device identifier in association with a user account identifier, thestored received authenticators being stored with the user accountidentifier; storing a relationship identifier that identifies arelationship between the enterprise and the user device using the deviceidentifier; and the determining whether the stored authenticatorsinclude the first authenticator comprises identifying the storedauthenticators using the relationship identifier to identify the deviceidentifier and using the device identifier to identify the user accountidentifier stored with the received authenticators.
 14. The method ofclaim 10, wherein the stored authenticators are stored in a hierarchybased on predetermined level of trust associated with each of thereceived authenticators.
 15. The method of claim 14, wherein the firstauthenticator of the stored authenticators is used for authenticatingthe user by applying the authentication policy to the stored hierarchyof authenticators.
 16. The method of claim 10, further comprising:transmitting to the enterprise a result of the authentication includinga type of authenticator used for the authentication.
 17. A computerimplemented method for authenticating a user who is communicating withan enterprise via a network, comprising: receiving, via the network,authenticators for a user from a first user device associated with theuser and authenticators for a second user device associated with theuser, and storing the received authenticators; receiving, from theenterprise, a request to authenticate the user with an authenticationpolicy for authenticating the user, wherein the request does notidentify which of the stored authenticators is to be used forauthenticating the user, wherein the authentication policy establishes atype of authenticator to be used for authenticating the user;determining whether the stored authenticators include a firstauthenticator to be used for authenticating the user based on theauthentication policy; and when the stored indicators include the firstauthenticator, selecting one of the first user device and the seconduser device to use for authentication, transmitting an authenticationrequest to the selected user device via the network requesting the firstauthenticator, receiving, from the selected user device, anauthenticator in response to the authentication request, andauthenticating the user by comparing the received authenticator with thestored first authenticator; and. when the stored authenticators do notinclude the first authenticator, transmitting to the enterprise anidentification of at least one of the stored authenticators, for theentity to determine if the at least one of stored authenticators is tobe used for authentication.
 18. The method of claim 17, furthercomprising: receiving from the first user device, via the network, afirst device identifier that identifies the first user device andstoring the first device identifier in association with a user accountidentifier, the stored authenticators being stored with the user accountidentifier; receiving from the second user device, via the network, asecond device identifier that identifies the second user device andstoring the second device identifier in association with the useraccount identifier, the stored received authenticators being stored withthe user account identifier; storing a first relationship identifierthat identifies a relationship between the enterprise and the first userdevice using the first device identifier; storing a second relationshipidentifier that identifies a relationship between the enterprise and thesecond user device using the second device identifier; and thedetermining whether the stored authenticators include the firstauthenticator comprises identifying the stored authenticators using thefirst relationship identifier to identify the first device identifierand using the first device identifier to identify the user accountidentifier stored with the received authenticators.
 19. The method ofclaim 17, wherein the received authenticators are stored in a hierarchybased on predetermined level of trust associated with each of thereceived authenticators.
 20. The method of claim 17, wherein the firstauthenticator of the stored authenticators is used for authenticatingthe user by applying the authentication policy to the stored hierarchyof authenticators, and the first user device or the second user deviceis selected to be used for authentication based on the stored hierarchy.